Re: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs. Free Speech
  • From: Stefano Papini <stefano.papini@xxxxxxxxxxxxxxxx>
  • Date: Fri, 18 May 2001 11:10:37 +0100
  • Message-id: <3B05032D.B4628E5C@xxxxxxxxxxxxxxxx>
Thanks for your feedback,
this is important indeed.
Now, I'm sorry but the little I learned is in a magazine I can't read
just now. I'll be more precise in a couple of days, as soon as I can
recollect some more info on Common Criteria. Anyway, this is the web
site, as recovered from Google:

I think that in the UK, BS9977 and similar (I believe) are used (BS:
British Standards, for non-UK citizens).

I too am not too sure what is meant by user policy; I think that it is
substantially linked to security and access to the resources and data
provided by the system (AKA *nix policy on users, groups, apps), but
maybe this can be my interpretation based on *nix (although limited).

It's just because it seems odd to me, too, that I wanted to point your
attention towards this issue and ask again to escalate this to the
highest level possible.

I forwarded my mail to gnu@xxxxxxxx

This is not meant for spamming, but to support Free Software and avoid
proprietary chains.

Thanks a lot,


Fergus Wilde wrote:
> This does sound like it could be important, and like it would be worth doing
> something about. But I don't know what the Common Criteria are (never heard
> of them, in fact), nor do I understand what is meant by user policy. Linux
> and *nix are certainly very widely used in the UK academic sector, so it
> would seem odd if there has been nothing done on compliance with standards.
> Can you give us a bit more background to work with before we start reacting?
> Best
> Fergus
> ----- Original Message -----
> From: "Stefano Papini" <stefano.papini@xxxxxxxxxxxxxxxx>
> To: "SuSE" <suse-linux-e@xxxxxxxx>
> Sent: Friday, May 18, 2001 10:01 AM
> Subject: [SLE] Common Criteria and ITSEC (BSxxyy, etc..), Free Beer vs. Free
> Speech
> > Hello,
> > I apologize for the priority but I think that this is a big issue,
> > indeed.
> >
> > I recently learned that Italian PA (Public Administration) is defining a
> > law (or sort of) about the informative systems which can be adopted for
> > its purpose, by asking the systems the compliance with some level (I
> > think EAL2) of Common Criteria (CC), or European equipollents (ITSEC, or
> > BS (British Standards)).
> >
> > I was told that it was recently stated on the web that Linux solutions
> > wouldn't be compliant to such criteria, above all for what addresses the
> > user "policy" (or something like that).
> >
> > Can somebody point me to some useful direction towards this issue?
> > Does anybody know whether a Linux system can or has been certified versus
> > CC?
> >
> > I think that this lack of certification is given by the lack of
> > interest, or absence of motivation, by the Linux community rather than
> > by technical limits.
> >
> > I think, of course, that the compliance to these international
> > certification criteria should be considered as an essential feature in
> > order not to limit the diffusion of Linux systems and "free software"
> > (in the sense of freedom, of course) also in PA which is a "strategic"
> > area of users.
> >
> > Of course the same PA, and the State, should be the first institution
> > sponsoring Free Software, just to guarantee the accessibility to all
> > citizens to the services provided (first of all about the
> > documentation).
> >
> > Please, if you have any information, let's coordinate a project aimed to
> > "raise" the problem towards the international community, asking for
> > support of EU, Free Software Foundation, ...
> >
> > Thanks a lot,
> > Ste
> >
